Rustbox
Cloud runtime for executing untrusted code. Built for AI agents, coding platforms, and secure tool execution.
curl -s -X POST "https://api.rustbox.orkait.com/api/submit?wait=true" \ -H "Content-Type: application/json" \ -H "X-API-Key: rb_live_your_key_here" \ -d '{"language": "python", "code": "print(42)"}' | jq{ "id": "f2c6c5f7-1203-46e5-8a4f-a619c12bfeb0", "language": "python", "job_status": "completed", "schema_version": "1.0", "verdict": "AC", "exit_code": 0, "signal": null, "stdout": "42\n", "stderr": "", "output_integrity": "complete", "error_message": null, "cpu_time_secs": 0.009142, "wall_time_secs": 0.01, "memory_peak_bytes": 3862528, "evidence": { "verdict_cause": "normal_exit", "verdict_actor": "runtime", "isolation_mode": "strict", "controls_applied": ["pid_namespace", "mount_namespace", "network_namespace", "memory_limit", "process_limit", "no_new_privileges"], "controls_missing": [], "cgroup": { "cpu_usage_usec": 9142, "memory_limit_bytes": 268435456, "memory_peak_bytes": 3862528, "oom_events": 0, "oom_kill_events": 0, "process_count": 0, "process_limit": 10 }, "timing": { "cpu_ms": 9, "wall_ms": 10, "cpu_wall_ratio": 0.9, "divergence": "cpu_bound" }, "process_lifecycle": { "reap_status": "clean", "descendant_containment": "ok", "zombie_count": 0 }, "judge_actions": [], "collection_errors": [] }, "created_at": "2026-04-03T08:05:23.540110054+00:00", "started_at": "2026-04-03T08:05:23.540218508+00:00", "completed_at": "2026-04-03T08:05:23.570195915+00:00"}Replace
rb_live_your_key_herewith your actual API key. Request access to get one.
36ms median latency. 8 languages. Kernel-enforced isolation. Evidence-backed verdicts.
Why Rustbox
Section titled “Why Rustbox”| Rustbox | Typical alternatives | |
|---|---|---|
| Latency | 36ms cold start | 500ms+ |
| Throughput | 148 executions/s | ~30/s |
| Isolation | 8 kernel layers, compile-time enforced | Container defaults |
| Syscall filter | 51-rule seccomp deny-list | 300-rule generic defaults |
| Verdicts | Kernel evidence (OOM events, cgroup stats) | Exit code guessing |
| Integration | Single API call | Multiple services to orchestrate |
Two profiles
Section titled “Two profiles”Judge - competitive programming, coding assessments. 256 MB memory, per-language time limits, no network access. Tight limits, fast verdicts.
Executor - AI agents, code playgrounds, tool execution. 2 GB memory, 60 second wall time, filtered network. Room for real workloads.
Judge profile is available in the open beta. Executor profile available on request. Read more about profiles.
8 layers of isolation
Section titled “8 layers of isolation”Every execution runs in a fresh sandbox with 8 independent security layers. Escape requires defeating all eight simultaneously.
| # | Layer | Stops |
|---|---|---|
| 1 | PID + IPC + UTS namespaces | Seeing host processes, IPC channels |
| 2 | Mount namespace + chroot | Accessing host filesystem |
| 3 | Network namespace | Sockets, DNS, cloud metadata |
| 4 | Cgroups v2 | Memory bombs, fork bombs, CPU abuse |
| 5 | Seccomp-BPF (51 rules) | ptrace, mount, bpf, io_uring, kexec |
| 6 | All capability sets zeroed | Privilege escalation |
| 7 | Credential drop to unprivileged UID | Running as root |
| 8 | NO_NEW_PRIVS | Regaining privileges via setuid |
147 adversarial tests across all 8 languages. Fork bombs, memory bombs, chroot escapes, seccomp bypasses, privilege escalation attempts. 0 escapes across 22 attack vectors x 8 languages. Security details.
8 languages
Section titled “8 languages”Python, C, C++, Java, JavaScript, TypeScript, Go, Rust. Full language reference.
Open beta - Request access to get your API key and start integrating today.
Quickstart - Get from API key to working integration in 5 minutes.
API Reference - Full endpoint documentation.
Security - The 8-layer isolation model in detail.